Mariposa Botnet and How It Works - Coursework Example

Summary
This coursework, "Mariposa Botnet and How It Works", examines botnets, viruses, and malware, and the damaging functions of the Mariposa Botnet malware program. The Mariposa Botnet malware program focuses on identity theft, DDoS attacks, and stealing confidential information…
Extract of sample "Mariposa Botnet and How It Works"

Mariposa Botnet: What are They and How do They Work

October 12,

INTRODUCTION

The Mariposa botnet is malware that infiltrates computers. This research examines botnets, viruses, and malware, and the damaging functions of the Mariposa Botnet malware program. The Mariposa Botnet malware program focuses on identity theft, DDoS attacks, and stealing confidential information.

BODY

The Mariposa Botnet is also defined as a group of computers under the control of a single entity, the criminal leaders of the Mariposa Botnet malware. Mariposa is the name of the botnet. The Mariposa Botnet malware program is not a virus, and it is definitely not a worm. The Mariposa malware program is called a botnet. Botnet means control: the owners of the botnet take control of the infected computers' functions. While in control, the criminal leaders of the Mariposa Botnet malware can do whatever they want with the files stored on the hacked computers. Malware programs constantly change to avoid being noticed by the attacked computers' warning systems. The criminal leaders behind the Mariposa Botnet malware use software strategies and social engineering procedures to pass the malware on to targeted victims' computers. Malware sends information to its crime headquarters.

To understand the Mariposa Botnet malware program, the term botnet should first be discussed. A botnet normally occurs in a P2P environment. Several computers connect to each other to engage in file-sharing activities. One computer can connect to a botnet in order to get files located on another botnet member's computer. Some individuals volunteer to join the peer-to-peer environment. They feel that they benefit from the botnet environment because they can retrieve files from other members of the botnet environment (Stamp, 2010).
To understand the Mariposa Botnet malware program, malware is discussed here. Malware means malicious code. The infecting malware code acts like an agent. The agent, the malware code, does the bidding of the malware's creator. When infected by the malware, the computer becomes like a zombie of the malware creator. The infected computer obeys the malware creator's instructions to hand over the personal data of the computer's owner or user. When the computer owner gives instructions to the computer, the computer refuses to comply with them (Thompson, 2009).

Further, a computer virus normally differs from a botnet. A virus is a program that is set to activate at a scheduled time, usually some time in the future. When the date arrives, the virus unloads all its debilitating effects on the computer. Viruses were created to play pranks on computer owners. Many viruses are not intended to harm computer owners. Viruses are normally not designed to steal confidential credit card numbers or confidential personal information about computer users. Viruses include the 1992 Michelangelo virus, the Win32.Hatred virus, the polymorphic virus, the unforgettable horrors of the ILOVEYOU virus, the Sunday virus, and the Jerusalem virus (Shelly, 2011).

Furthermore, the malware takes the place of a physical threat. A thief who tries to steal a victim's credit card information from the victim's computer would have to barge into the victim's home or office. Once inside, the invader has to locate where the owner keeps the computer. This takes a lot of time roaming around. On reaching the victim's computer, the intruder then has to locate where the computer owner hid the coveted passwords (Thompson, 2009).
If the computer has no login password, the computer owner is giving confidential information openly to the data thief. When this happens, the thief's chances of stealing confidential information are much greater. The intruder must be able to pass the security guards stationed in front of the home or office. Having passed the security guards, the intruder has to avoid being detected by people inside the home or office. The physical stealing of confidential information is more difficult to accomplish than using malware to steal computer users' confidential information. Malicious code will wreak havoc on the lives of all infected computer owners (Skoudis, 2004).

Further, one web cache connects all the computers registered with the P2P botnet. Usually, the botnet uses the Gnutella Web cache, which keeps all the botnet computers connected to each other. The same cache is set in the client's code. Consequently, any new botnet member can join the botnet group. Once accepted, the new computer can update itself with the latest files stored on another botnet member's hard disk (Skoudis, 2004). Consequently, when one computer asks another botnet member for updates or access to a file, the other computer replies by sending the requested file to the requesting computer's hard disk. To increase communication between two botnet computers, the two computers use algorithms to speed up the peer-to-peer request-and-send process. One popular peer-to-peer site is Napster. In most P2P setups, the central server is the only location through which botnet member computers can make P2P file requests and send files (Skoudis, 2004).

Likewise, the Mariposa Botnet malware program constantly changes its program structure. The criminal leaders of the Mariposa Botnet malware constantly update the botnet. Consequently, the Mariposa Botnet malware program has many variants.
The number of variants has already reached 1,500. Because of the continuing change, the malware is both a dynamic and an insistent botnet. It is one of the largest botnets in the world, used by its creators to steal money from its victims and to implement DDoS attacks (Ottis, 2011).

In addition, Matt Thompson emphasized that the Mariposa Botnet is a malware program (2009). The malware's command and control center uses custom encrypted UDP datagrams to acquire and send hacked or stolen computer information. The Mariposa Botnet malware program gathers confidential information from users' computers. The malware is tasked with retrieving bank account details, credit card information, and other confidential information. Likewise, the malware gathers the personal profiles of the infected computers' users. The malware's owners can use the stolen personal information for identity theft.

Further, the Mariposa Botnet malware program's illegal activities are financially disastrous. In October 2009 alone, one malware update cropped up. Two malicious Mariposa Botnet programs were downloaded onto the victims' computers. The downloaded malware took control of the computer owner's software and hardware functions. The malware renamed the ASCII commands and stole Google AdSense collections.

Moreover, the Mariposa Botnet malware program put out its massive theft feelers in May of 2009. The program caused many computers to send traffic to the criminal leaders' server headquarters. The Mariposa Botnet malware program's evil functions included compromising computers that were infected by the spreading malware. The botnet master or creator can increase and extend the ill effects of the program far beyond the damage inflicted when the computers were first infected. The massive stealing activities grew in strength and activity. In addition, the Mariposa Botnet malware program constantly updates itself.
The program sends constant messages to the criminal leaders' main servers. The updates transformed the original characteristics of the malware into a new binary form, like a chameleon. The chameleon effect reduces the ability of the infected computer's antivirus programs to detect the ever-changing Mariposa Botnet malware program (Thompson, 2009).

Further, the Mariposa Botnet malware program attacked many computers in several countries. Usually the criminal leaders of the program chose which country to infect. In addition, the criminal leaders of the Mariposa Botnet malware chose which individual computers to infect, control, and steal confidential information from. Research showed that the servers of the intruding malware included lalundelau.sinip.es, bf2bc.sinip.es, thejacksonfive.us, tamiflux.net, binaryfeed.in, and booster.estr.es (Thompson, 2009).

What's more, the Mariposa Botnet malware program was finally shut down. Panda Security, the antivirus corporation, contributed its significant share to deleting the annoying trespasser, the Mariposa Botnet malware program. In addition, the Georgia Tech Information Security Center (GTISC) jumped into the debacle to help wipe the Mariposa Botnet malware program from the face of the earth (Thompson, 2009).

In addition, an analysis showed that the damage was financially severe. The Mariposa Botnet malware program was able to infiltrate, control, and execute its illegal activities on an estimated 13 million computers. The computers included those owned by government agencies, those owned by businesses and other corporations or entities, those in the hands of individuals, and those used in schools and other learning facilities.
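The server names listed above can be checked against DNS query logs. The following is an added example, not code from the essay or its sources; the log format (timestamp, client IP, query type, query name) and the sample lines are constructed for illustration. It matches on label boundaries so that look-alike names do not produce false hits.

```python
from collections import defaultdict

# C2 hostnames exactly as listed in the essay (Thompson, 2009).
MARIPOSA_C2 = {
    "lalundelau.sinip.es", "bf2bc.sinip.es", "thejacksonfive.us",
    "tamiflux.net", "binaryfeed.in", "booster.estr.es",
}

def normalize(qname):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return qname.strip().lower().rstrip(".")

def matched_indicator(qname):
    """Return the listed hostname that qname equals or is a subdomain of, else None."""
    labels = normalize(qname).split(".")
    # Walk label boundaries only: 'notbinaryfeed.in' must not match 'binaryfeed.in'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in MARIPOSA_C2:
            return candidate
    return None

def scan_dns_log(lines):
    """Map client IP -> sorted list of listed hostnames that client queried."""
    hits = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        _ts, client, _qtype, qname = fields[:4]
        ioc = matched_indicator(qname)
        if ioc:
            hits[client].add(ioc)
    return {client: sorted(iocs) for client, iocs in hits.items()}

# Constructed sample log (assumed format); not real traffic.
SAMPLE_LOG = [
    "2009-05-14T08:01:02Z 10.0.0.21 A www.example.org",
    "2009-05-14T08:01:09Z 10.0.0.21 A BF2BC.sinip.es.",
    "2009-05-14T08:02:40Z 10.0.0.35 A notbinaryfeed.in",
    "2009-05-14T08:03:11Z 10.0.0.35 A tamiflux.net.example.com",
    "2009-05-14T08:04:55Z 10.0.0.48 A cdn.binaryfeed.in",
    "2009-05-14T08:05:03Z 10.0.0.48 A booster.estr.es",
    "truncated line",
]

if __name__ == "__main__":
    for client, iocs in scan_dns_log(SAMPLE_LOG).items():
        print(client, "->", ", ".join(iocs))
```

Hosts that appear in the result queried one of the listed names and are candidates for further triage; a hit alone does not prove infection.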
The Mariposa Botnet malware program was able to steal confidential bank information and credit card details from individuals and groups living in more than 189 countries around the world (Thompson, 2009). What's more, the malware literally stole vital confidential information. The stolen information included passwords. The hacked data included bank details. Consequently, the malware was able to steal computer users' names, addresses, phone numbers, and other personal identification details. The criminal leaders of the Mariposa Botnet malware successfully withdrew money using the stolen credit card information and stolen bank details (Thompson, 2009).

Moreover, the research showed that the malware was very active. The researchers used different methods to defuse the damage done by the uninvited guest, the Mariposa Botnet malware program. The counterattacks used against the Mariposa Botnet malware program included obfuscation. Another anti-Mariposa strategy was to use anti-debugging programs. The computer defenders used a third tool to combat the dreaded malware: a packing program process. The MD5 hash of the original Mariposa Botnet malware program sample is f4e2c305ef2d38b6d4e4be9d19de16ed. Of the 41 antivirus programs that were used to detect and defeat the malware, only 36 were able to detect it. This is the reason why the malware continues to successfully enter targeted computers without being noticed and cleaned away (Thompson, 2009).

In antivirus parlance, obfuscation and packing take place. The program's entry point starts with the obfuscated loop. The loop includes a mixture of meaningless SIMD and FPU commands. As the loop reaches its end, the code transfers to an address that starts with an XOR of the .text part of the image in random access memory with the corresponding 0x0CB2DC4AA constant.
The decoded .text part is pushed onto the stack. Consequently, the RETN command transfers control of the Mariposa Botnet malware program to the decoded code. The code then begins its job of debugging the giant malware software program (Thompson, 2009).

CONCLUSION

Summarizing the above discussion, the Mariposa botnet is malware that infiltrates computers. This research examined botnets, viruses, and malware, and the damaging functions of the Mariposa Botnet malware program. Evidently, the Mariposa Botnet malware program focuses on unlawful identity theft, DDoS attacks, stealing confidential information, and credit card theft.

REFERENCES:

Ottis, R. (2011). The Proceedings of the 10th European Conference on Information Warfare and Security. New York: Academic Conference Press.

Shelly, G. (2011). Discovering Computers 2011. New York: Cengage Learning Press.

Skoudis, E. (2004). Malware: Fighting Malicious Code. New York: Prentice Hall Press.

Stamp, M. (2010). Handbook of Information and Communication Strategy. New York: Springer Press.

Thompson, M. (2009). Mariposa Botnet. Retrieved October 12, 2012 from